package org.esteid.sk;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:org/esteid/sk/CertificateHelpers.class */
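/**
 * Static helpers for classifying and converting X.509 certificates.
 *
 * <p>The classification methods only inspect fields carried inside the certificate
 * (KeyUsage bits and subject attributes). Nothing in this class verifies a signature,
 * a chain or revocation status, so a result is only as trustworthy as the certificate
 * it was computed from; validate the certificate before acting on these answers.
 *
 * <p>The class cannot get a private constructor because {@link #isDigiID} is an
 * instance method and existing callers may instantiate the class to reach it.
 */
public final class CertificateHelpers {
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----";

    /** Subject attribute type under which the serialNumber (OID 2.5.4.5) is stored. */
    private static final String SERIAL_NUMBER_OID = "2.5.4.5";

    /** DER universal tags handled when a subject attribute arrives as raw bytes. */
    private static final int DER_PRINTABLE_STRING = 0x13;
    private static final int DER_UTF8_STRING = 0x0C;

    /**
     * Tells whether the certificate looks like a card authentication certificate.
     *
     * <p>Returns {@code false} when KeyUsage bit 1 (nonRepudiation) is set, or when the
     * subject organisation ("O") names one of the two Mobile-ID organisations. A
     * certificate without a KeyUsage extension or without an "O" attribute is treated
     * as an authentication certificate.
     *
     * @param x509Certificate certificate to classify
     * @return {@code true} if the certificate is considered a card authentication key
     */
    public static boolean isCardAuthenticationKey(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && keyUsage[1]) {
            return false;
        }
        String organisation = cert2subjectmap(x509Certificate).get("O");
        if (organisation == null) {
            return true;
        }
        // equalsIgnoreCase is locale-independent, unlike toUpperCase() with the default
        // locale. It also makes the "Mobile-ID" comparison effective: an upper-cased
        // value can never equal that mixed-case literal.
        boolean mobileIdOrganisation = organisation.equalsIgnoreCase("ESTEID (MOBIIL-ID)")
                || organisation.equalsIgnoreCase("Mobile-ID");
        return !mobileIdOrganisation;
    }

    /**
     * Flattens the subject DN into a map from attribute type to value.
     *
     * <p>String values are stored as they are. Values delivered as raw bytes are decoded
     * when they are a short-form DER PrintableString or UTF8String whose declared length
     * fits the buffer; anything else is stored hex-encoded and the RDN is printed to
     * standard output. If an attribute type occurs more than once, the value processed
     * last wins. A subject that cannot be parsed as an LDAP name yields whatever was
     * collected so far (best effort), with the stack trace printed.
     *
     * @param x509Certificate certificate whose subject is read
     * @return mutable map of subject attributes, possibly empty
     */
    public static Map<String, String> cert2subjectmap(X509Certificate x509Certificate) {
        Map<String, String> subject = new HashMap<>();
        try {
            LdapName subjectName = new LdapName(x509Certificate.getSubjectX500Principal().getName());
            for (Rdn rdn : subjectName.getRdns()) {
                Object value = rdn.getValue();
                if (value instanceof byte[]) {
                    subject.put(rdn.getType(), decodeDerString(rdn, (byte[]) value));
                } else if (value instanceof String) {
                    subject.put(rdn.getType(), (String) value);
                } else {
                    System.out.println(rdn.toString());
                }
            }
        } catch (InvalidNameException e) {
            // Deliberate best effort: callers receive the attributes parsed so far.
            e.printStackTrace();
        }
        return subject;
    }

    /**
     * Decodes a DER-encoded string attribute value, falling back to its hex form.
     *
     * <p>The bytes come straight from the certificate, so the tag and length octets are
     * checked before use: the buffer must hold both octets, the length must be in short
     * form (below 0x80) and must not run past the end of the buffer.
     */
    private static String decodeDerString(Rdn rdn, byte[] der) {
        if (der.length >= 2) {
            int tag = der[0] & 0xFF;
            // Mask the length octet: a plain byte is signed and would go negative at 0x80.
            int declaredLength = der[1] & 0xFF;
            boolean lengthUsable = declaredLength < 0x80 && declaredLength <= der.length - 2;
            if (lengthUsable && tag == DER_PRINTABLE_STRING) {
                return new String(der, 2, declaredLength, StandardCharsets.US_ASCII);
            }
            if (lengthUsable && tag == DER_UTF8_STRING) {
                return new String(der, 2, declaredLength, StandardCharsets.UTF_8);
            }
        }
        System.out.println(rdn.toString());
        return Hex.toHexString(der);
    }

    /**
     * Unfinished check: prints the critical extension OIDs and always returns
     * {@code false}. Callers must not base a decision on this result.
     *
     * @param x509Certificate certificate whose critical extensions are printed
     * @return always {@code false}
     */
    public boolean isDigiID(X509Certificate x509Certificate) {
        System.out.println("Extensions critical");
        // getCriticalExtensionOIDs() returns null when the certificate has no extensions.
        Collection<String> criticalOids = x509Certificate.getCriticalExtensionOIDs();
        System.out.println(criticalOids == null ? "[]" : Arrays.toString(criticalOids.toArray()));
        return false;
    }

    /**
     * Returns the first "CN" value found in the subject, or a SHA-256 digest of the
     * encoded certificate when the subject has no CN.
     *
     * <p>The fallback digest is rendered through {@link BigInteger}, so leading zero
     * nibbles are dropped and the string can be shorter than 64 hex characters. The CN
     * itself is text taken from the certificate; treat it as untrusted when displaying
     * or logging it.
     *
     * @param x509Certificate certificate to read
     * @return the common name, or the hex digest of the certificate
     * @throws CertificateParsingException if the subject cannot be parsed, the
     *         certificate cannot be encoded or SHA-256 is unavailable
     */
    public static String getCN(X509Certificate x509Certificate) throws CertificateParsingException {
        try {
            LdapName subjectName = new LdapName(x509Certificate.getSubjectX500Principal().getName());
            for (Rdn rdn : subjectName.getRdns()) {
                if (rdn.getType().equals("CN")) {
                    return rdn.getValue().toString();
                }
            }
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded());
            return new BigInteger(1, digest).toString(16);
        } catch (NamingException | NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new CertificateParsingException("Could not fetch common name from certificate", e);
        }
    }

    /**
     * Renders the certificate as PEM text without a trailing newline.
     *
     * <p>The Base64 body is wrapped at 64 characters with {@code \n} separators, so the
     * output does not mix {@code \r\n} inside the body with {@code \n} around it.
     *
     * @param x509Certificate certificate to encode
     * @return PEM representation of the certificate
     * @throws IOException if the certificate cannot be DER-encoded
     */
    public static String crt2pem(X509Certificate x509Certificate) throws IOException {
        try {
            Base64.Encoder pemEncoder = Base64.getMimeEncoder(64, new byte[] {'\n'});
            return PEM_HEADER + "\n" + pemEncoder.encodeToString(x509Certificate.getEncoded()) + "\n" + PEM_FOOTER;
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
    }

    /**
     * Heuristic Mobile-ID check: true when the textual subject contains "MOBIIL-ID".
     *
     * <p>This is a substring match over the whole subject string, so the marker matches
     * in any attribute, not only in the organisation.
     *
     * @param x509Certificate certificate to classify
     * @return {@code true} if the subject text contains "MOBIIL-ID"
     */
    public static boolean isMobileID(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal().toString().contains("MOBIIL-ID");
    }

    /**
     * Tells whether KeyUsage bit 1 is set. In the X.509 KeyUsage bit string that bit is
     * nonRepudiation (contentCommitment), not digitalSignature (bit 0).
     *
     * @param x509Certificate certificate to classify
     * @return {@code true} if bit 1 is set; {@code false} if it is clear or the
     *         certificate has no KeyUsage extension
     */
    public static boolean isDigitalSignatureCertificate(X509Certificate x509Certificate) {
        // getKeyUsage() returns null when the extension is absent; indexing it would throw.
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage != null && keyUsage[1];
    }

    /**
     * Tells whether the certificate is neither a Mobile-ID certificate nor a signing
     * certificate according to {@link #isMobileID} and
     * {@link #isDigitalSignatureCertificate}.
     *
     * @param x509Certificate certificate to classify
     * @return {@code true} if both checks are negative
     */
    public static boolean isCardAuthCertificate(X509Certificate x509Certificate) {
        return !isMobileID(x509Certificate) && !isDigitalSignatureCertificate(x509Certificate);
    }

    /**
     * Keeps the certificates whose public key algorithm name equals {@code str}.
     *
     * @param collection certificates to filter
     * @param str algorithm name as reported by the public key, compared exactly
     * @return new collection holding the matching certificates in encounter order
     */
    public static Collection<X509Certificate> filter_by_algorithm(Collection<X509Certificate> collection, String str) {
        return collection.stream()
                .filter(candidate -> candidate.getPublicKey().getAlgorithm().equals(str))
                .collect(Collectors.toList());
    }

    /**
     * Parses one PEM-encoded certificate.
     *
     * <p>The armour lines and all whitespace are removed before decoding, so multi-line
     * PEM (including the output of {@link #crt2pem}) is accepted. The strict Base64
     * decoder is kept on purpose: stray characters in the body are rejected instead of
     * being skipped.
     *
     * @param str PEM text holding a single certificate
     * @return the parsed certificate
     * @throws CertificateException if the body is not valid Base64 or does not hold an
     *         X.509 certificate
     */
    public static X509Certificate pem2crt(String str) throws CertificateException {
        String body = str.replace(PEM_HEADER, "").replace(PEM_FOOTER, "").replaceAll("\\s", "");
        byte[] der;
        try {
            der = Base64.getDecoder().decode(body);
        } catch (IllegalArgumentException e) {
            // Surface malformed input through the declared checked exception.
            throw new CertificateException("Certificate body is not valid Base64", e);
        }
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Extracts the personal identification code from the subject serialNumber
     * attribute (OID 2.5.4.5), dropping a leading "PNOEE-" prefix if present.
     *
     * @param x509Certificate certificate to read
     * @return the code, or an empty Optional when the subject has no serialNumber
     */
    public static Optional<String> crt2idcode(X509Certificate x509Certificate) {
        return Optional.ofNullable(cert2subjectmap(x509Certificate).get(SERIAL_NUMBER_OID))
                .map(serial -> serial.startsWith("PNOEE-") ? serial.substring(6) : serial);
    }
}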
